Ransomware is still on the rise. Not only that but, concerningly, success rates seem to be up. With well-known brands such as Kia Motors, Acer Computers and Accenture Consulting being hit by ransomware attacks so far in 2021, we are seeing an ever-increasing number of large organisations suffering.

This trend shows not only the ability of ransomware groups to infiltrate the networks of large, successful and (you might think) well-protected companies, but also an increasing likelihood that the victim company will actually pay the ransom.

What a conundrum, though: as Forbes reported in May 2021, 92% of those who choose to pay the ransom demands do not get all of their data back!

Offering a rare insight into how attackers operate, with easy-to-follow processes and a call to seek open-source information, the Conti Ransomware Playbook, translated by Cisco Talos Intelligence Group, makes for a very interesting read. Take a look at what Bleeping Computer had to say on the playbook.

This got us thinking about protection, so we caught up with Elliot Kemp, one of our Cyber Security Consultants, on this topic. Here’s a little of what he had to say:

“Coming from an academic background, it re-affirms what we already know in that the tools used to attack victims are so easy to obtain in certain parts of the world; all it takes in many cases is a bored tech-savvy teenager and an internet connection to cause devastation upon an unsuspecting business”.

He goes on to say: “Just as there are organisations and vendors working to patch their systems on a constant basis, there are people out there looking for more vulnerabilities to exploit and take advantage of to make as much money as possible. What’s worse is that if a business doesn’t have a robust patch management process, a vendor’s attempts at mitigating a vulnerability could be fruitless as these exploits don’t ‘magically’ fix themselves”.

The levels of investment in preparation and protection will often vastly outweigh the potential ransom demands once a breach has occurred. If you invest ahead of time, there is more chance of mitigating the painful decision between paying the demands and bearing the costs of ongoing disruption and risk.

To conclude, Elliot warns us: “If a business is surprised by any of this then they need to re-evaluate their risk appetite and consider investing in a Cyber Security Assessment to see where their security posture currently resides, otherwise it could be them that is the next target of the current trend in security”.

All too often the focus is on the larger organisations and how they suffer at the hands of criminals demanding large payments. However, we must stress that any business or organisation is a potential target. Were an attacker to deploy malware at scale to a large number of SMEs and demand smaller ransom payments, they may well reap large rewards, as the impact on a smaller business and its systems could stop it from operating in a moment.

Remember this: whatever we think from a moral or business perspective, any ransomware attack resulting in payments that make it to these criminals leads to investment in new capabilities, which puts all organisations at further risk and arguably builds the case for investing in protection ahead of time.